Skip to content

Releases: Neo23x0/Loki

LOKI version 0.27.5

14 Apr 07:10
@Neo23x0 Neo23x0
v0.27.5
938053f
Compare
Choose a tag to compare
LOKI version 0.27.5
  • Bugfix: Removed demo code
Assets 3
Loading

LOKI version 0.27.4

13 Apr 23:04
@Neo23x0 Neo23x0
v0.27.4
1c429c1
Compare
Choose a tag to compare
LOKI version 0.27.4

screen shot 2018-04-14 at 00 59 57

Assets 3
Loading

LOKI version 0.27.3

12 Apr 22:51
@Neo23x0 Neo23x0
v0.27.3
3dd430d
Compare
Choose a tag to compare
LOKI version 0.27.3
  • Added support for PESieve's "implanted" process detection
Assets 3
Loading

LOKI version 0.27.2

12 Apr 22:38
@Neo23x0 Neo23x0
v0.27.2
f7790e9
Compare
Choose a tag to compare
LOKI version 0.27.2
Assets 3
Loading

LOKI version 0.27.1

10 Apr 21:50
@Neo23x0 Neo23x0
v0.27.1
8123dce
Compare
Choose a tag to compare
LOKI version 0.27.1
  • Bugfix in process memory scan (thx to Didier)
Assets 3
Loading

LOKI version 0.27.0

17 Mar 09:00
@Neo23x0 Neo23x0
v0.27.0
a18c74a
Compare
Choose a tag to compare
LOKI version 0.27.0
  • Log format of TEXT and SYSLOG output changed and now includes the reporting module
  • Bugfix: Don't run PESieve on Windows XP

Log Format Changes

From:

LOKI: [Level]: [Message]

To:

LOKI: [Level]: MODULE: [Module] MESSAGE: [Message]

screen shot 2018-03-17 at 09 26 46

Splunk App & Add-on

The changes to the log format allow you to use the THOR Splunk App and Addon for your LOKI log file analysis

THOR App https://splunkbase.splunk.com/app/3717/
THOR Addon https://splunkbase.splunk.com/app/3718/

screen shot 2018-03-17 at 09 22 43

Make sure to:

  1. Select the sourcetype "thor" for your inputs

screen shot 2018-03-17 at 08 03 39

  1. Set the index to be "searched by default" if you create a new index

screen shot 2018-03-17 at 08 20 07

IMPORTANT: I will not support every dashboard but the App helps to you search and filter the LOKI results based on fields. The most important dashboard named "Universal Dashboard" should work. If you want to fix or improve other dashboard views, please send me your improvements. All this work (LOKI, the signatures and the Apps) are offered for free and most of the work is done in my spare time on weekends. Please consider this before reporting bugs in the dashboards that could be fixed in 2 minutes of your own time. If you want Enterprise grade tools and support, please visit our website and ask for a trial https://www.nextron-systems.com of such tools.

Assets 3
Loading

LOKI version 0.26.2

19 Feb 13:53
@Neo23x0 Neo23x0
v0.26.2
45b5edd
Compare
Choose a tag to compare
LOKI version 0.26.2
  • Bugfix: Removed legacy code for old filename IOC format that caused problems with newest filename IOC format (many false positives with negative score values in "description" and a score of "60")
Assets 3
Loading

LOKI version 0.26.1

13 Feb 11:18
@Neo23x0 Neo23x0
v0.26.1
7c8b583
Compare
Choose a tag to compare
LOKI version 0.26.1
  • New hash IOC whitelist
  • Better hostname evaluation on Linux / OSX
  • Code refactoring
  • Better messages
Assets 3
Loading

LOKI version 0.26.0

01 Jan 20:59
@Neo23x0 Neo23x0
v0.26.0
60a3102
Compare
Choose a tag to compare
LOKI version 0.26.0

screen shot 2018-01-01 at 21 34 58

screen shot 2018-01-01 at 19 38 03

Assets 3
Loading

LOKI version 0.25.0

30 Nov 19:09
@Neo23x0 Neo23x0
v0.25.0
0c44bd8
Compare
Choose a tag to compare
LOKI version 0.25.0
  • Support for encrypted private YARA rules (only available in custom build)
  • Build with PyInstaller 3.3
  • Build scripts and specs
  • Bugfix: Python3 support refactoring broke a loki-upgrader.py section
Assets 3
Loading